IPM AG
PRIVACY POLICY
Fundamentals
This text has been translated into English as a gesture of goodwill. In case of legal questions, the German version applies.We attach great importance to the protection of your personal data. This privacy policy informs you about how we use your data when you visit our website, why we need this information and what rights you have in relation to your data.
Name and address of the person responsible for data processing
IPM AG
Schiffgraben 42
30175 Hanover, Germany
HRB 214332
Phone: +49 511 47314790
E-mail address: datenschutz@ipm.ag
Address of the data protection officer
Data Protection Officer:
List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstr. 4
30519 Hanover
+49 511 499999600
E-mail address: datenschutz@ipm.ag
Status: 01.08.2024
1. why this privacy policy?
1.1 This privacy policy informs you about the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and content (hereinafter jointly referred to as "online offer" or "website"). It applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the Online Offer is executed.
1.2 The terms "personal data" and "processing" refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR), which we use to explain our data protection practices.
1.3 The personal data of users processed in the context of this online offering includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of processors, payment information), usage data (e.g. websites visited on our online offering, interest in our products) and content data (e.g. entries in the contact form).
1.4 The term "user" includes all categories of data subjects whose data we process. This includes our business partners, customers, interested parties and other visitors to our online offering. The terms are to be understood as gender-neutral.
1.5 We only process users' personal data in compliance with the applicable data protection regulations. This means that the data will only be processed if we have legal permission to do so. In particular, the processing takes place if it is necessary for the fulfillment of our contractual services (e.g. processing of orders), is required by law, the consent of the user is available or we have a legitimate interest in the processing (e.g. analysis and optimization of the online offer, security).
1.6 The legal bases for data processing are:
Consent of the user pursuant to Art. 6 para. 1 lit. a and Art. 7 GDPR,
Processing for the fulfillment of our contractual obligations and implementation of contractual measures pursuant to Art. 6 para. 1 lit. b GDPR,
Processing to fulfill our legal obligations pursuant to Art. 6 para. 1 lit. c GDPR,
Processing to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular in the analysis, optimization and security of our online offer, range measurement, the creation of profiles for advertising and marketing purposes and the use of third-party services.
2. better safe than sorry: safety measures
2.1 Your data is important. That is why we have taken technical and organizational measures to ensure that it is protected.
2.2 Data transmission between you and our site is encrypted (128 SSL encryption). You can display the corresponding certificates in your browser.
3. transparency in data sharing: your information and how it is used
3.1 We only pass on user data to third parties within the framework of the legal requirements. Data is passed on in particular if this is necessary on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract or on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the economic and efficient operation of our business operations.
3.2 When using subcontractors to provide our services, we take appropriate legal, technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal regulations.
3.3 If content, tools or other means from third-party providers are used in this privacy policy and these are based in a third country, data will be transferred to the countries in which the third-party providers are based. Third countries are countries outside the EU or the European Economic Area in which the GDPR is not directly applicable law. The transfer of data to third countries takes place either on the basis of an appropriate level of data protection, user consent or other legal permission.
4. provision of contractual services and your personal data
We require certain personal data to fulfill our contractual obligations.
4.1 What we need and why:
We use your data such as name, address and contact details (inventory data), and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b GDPR.
4.2 Your personal account:
When you register in our online store, we will provide you with all the necessary information and create a user account for you. Don't worry, this will remain private and will not be found by search engines. If you as a user wish to delete your account, we can do so, unless we are legally obliged to retain data for commercial or tax reasons. Remember to back up your data before the end of the contract. We are entitled to irretrievably delete all data that we have stored during our business relationship once the retention periods have expired.
4.3 IP addresses and user behavior:
When you register and perform other activities, we save your IP address and the time of your action. We do this to protect you and ourselves from misuse. As a matter of principle, we do not pass this data on to others unless it is necessary to defend our rights or if it is required by law in accordance with Art. 6 para. 1 lit. c GDPR.
4.4 Usage and content data for advertising purposes:
So that we can show you relevant offers, we analyze which pages you visit and which products you are interested in (user data). We use this information to create a user profile about you. For example, we can recommend products that might really interest you.
5. stay in touch: making contact
How we contact you and process your requests in the CRM system:
5.1 When contacting us (via contact form or e-mail), the user's details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR.
5.2 User data may be stored in our customer relationship management system ("CRM system") or comparable inquiry organizations.
5.3 We use the CRM system "HubSpot" from HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, for the efficient processing of user inquiries. This includes the management of customer contacts, tracking of sales activities, automation of marketing campaigns, analysis of sales data, email campaigns, lead generation and management, integration with other tools, management of customer support requests, AI-supported content, personalized email creation, predictive sales forecasts, automatic workflow descriptions and AI chatbots for customer interaction. The use is based on the legal basis of contract performance (Art. 6 para. 1 sentence 1 lit. b GDPR) and legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
The legal bases for the use of Hubspot are; contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); standard contractual clauses: https://legal.hubspot.com/dpa; order processing contract: https://legal.hubspot.com/dpa.
The link to Hubspot's privacy policy can be found at:
https://legal.hubspot.com/de/privacy-policy.
6. protection and transparency for your comments and contributions
6.1 If you leave comments or other contributions, we store your IP address for 7 days for legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
6.2 This is for our security in the event that illegal content (e.g. insults, prohibited political propaganda) is published. In such cases, we may be held liable for the comment or contribution and therefore require the identity of the author.
7. insight into the access data and log files
7.1 We collect data about every access to our server for legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. The access data includes: Name of the page accessed, date and time of access, amount of data transferred, notification of access status, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2 For security reasons, this log file information is stored for a maximum of seven days and then deleted. Data that is required for further storage for evidentiary purposes remains exempt from deletion until the incident has been clarified.
8th cookies: Not to bite into, but full of functions
8.1 Our website uses cookies and similar technologies to improve your user experience, analyze the use of the website and ensure basic functionalities. Cookies are small text files that are stored on your device. We use different types of cookies, which are described below:
8.2 Types of cookies:
Necessary cookies: These cookies are essential for the operation of the website and their use is based on the legitimate interest of the website operator pursuant to Art. 6 para. 1 lit. f GDPR, which is why no consent of the user is required. They enable basic functions such as page navigation and access to secure areas of the website. Necessary cookies on this website are
dd_cookie_test_cf09d422-36c9-4089-ac50-669d392d7555 und ähnliche: These cookies ensure the reliable functionality of the website during your session and are deleted after the browser is closed.
crumb: This cookie prevents cross-site request forgery (CSRF) and has a session runtime.
__hssrc: This cookie recognizes a restart of your browser and has a session runtime.
Functional cookies: Functional cookies are used to provide specific functions and services that go beyond the basic site functions. In contrast to necessary cookies, which are essential for basic navigation and access to secure areas of the website, functional cookies enable additional features such as the management of user settings, the improvement of the user experience through personalized content or the blocking of tracking codes. The following functional cookies are used on this website:
__hs_do_not_track: This cookie is used to prevent the tracking code from sending information to HubSpot. It has a duration of 179 days.
Secure_ENID Cookie: We use Secure_Enid to ensure the security and integrity of our website. Secure_Enid is a security protocol that helps you navigate securely through our online offerings. It enables us to prevent unauthorized access and ensure that your personal data is protected from cyber attacks. Secure_Enid data is stored for a maximum of 24 hours. This short storage period helps us to quickly identify and respond to security-related events without storing your data for longer than necessary. After this time, the Secure_Enid data is automatically deleted, unless there is a specific security reason that makes longer storage necessary. For the _Secure_ENID cookie, which is set by Google and serves to ensure the security and functionality of Google services, classification as a functional cookie would be appropriate.
The legal basis for the use of necessary and functional cookies is Art. 6 para. 1 lit. f GDPR (legitimate interest).
Session cookies: These temporary cookies are deleted after you close your browser and help us to recognize and link your actions during a browser session. Examples of session cookies on this website are
_ga: This cookie is used to distinguish users and analyze website usage during your session.
_cf_bm (hsforms.com) and _cf_bm (hsforms.net): These cookies differentiate between humans and bots and are usually deleted after 30 minutes.
The legal basis for the use of session cookies is Art. 6 para. 1 lit. f GDPR (legitimate interest).
Analysis cookies: These cookies collect information about the use of our website in order to improve performance and optimize the user experience. Examples of analytics cookies are:
_ga_P8TESRLFJ9 and _ga_W2SNQ7ZBDN: These cookies store information such as the number of visitors, pages visited and the source of the visit. This information helps us to improve the user experience and optimize the performance of our website. Both cookies are stored for a period of 2 years. During this time, they enable us to recognize trends and patterns in website usage, which contributes to the continuous improvement of our online offerings. At the end of the 2-year period, these cookies are automatically deleted unless they are set again.
__hstc: This cookie tracks visitors and stores the time of the first and last visit as well as the current session for 179 days.
hubspotutk: This cookie tracks the identity of a visitor and has a duration of 179 days.
When you visit our website for the first time, you will be asked to consent to the use of cookies, in particular analysis cookies. While necessary and session cookies remain activated by default, analysis cookies require your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can change your cookie settings in your browser or withdraw your consent at any time. To do this, go to the cookie banner under this link: Cookie Settings.
Alternatively, you can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative(http://optout.networkadvertising.org/), the US website(http://www.aboutads.info/choices) or the European website(http://www.youronlinechoices.com/uk/your-ad-choices/).
9. google analytics
Google Analytics is a powerful analytics tool that we use to gain valuable insights into the use of our website. Below we provide detailed information on the use of Google Analytics:
9.1 We use Google Analytics on the basis of our legitimate interests in order to analyze, optimize and economically operate our online offer (Art. 6 para. 1 lit. f GDPR). We use data protection-friendly settings. Google uses cookies to collect information about the use of our online offer by users, which is usually transferred to a Google server in the USA and stored there.
9.2 In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded additional data processing agreements and standard contractual clauses with Google.
9.3 Google uses this information on our behalf to evaluate the use of our online offer, to create activity reports and to provide other services related to the use of the online offer. Pseudonymous user profiles may be created in the process.
9.4 We use Google Analytics to present relevant ads to users who have shown interest in our online offering or who have certain characteristics (so-called "remarketing" or "Google Analytics audiences"). In this way, we want to ensure that our ads correspond to the potential interests of users and are not annoying.
9.5 We use pseudonymous user identification numbers to measure and analyze the use of our online offering. These do not contain any unique data such as names or e-mail addresses, but are used to assign analysis information to end devices. Among other things, the content accessed, search terms used, interactions and technical details of the end devices and browsers are recorded.
9.6 Pseudonymous user profiles are created, which may contain information from the use of various devices. Google Analytics does not log and store individual IP addresses for EU users, but provides rough geographical location data derived from IP address metadata.
9.7 Users can prevent the storage of cookies by selecting the appropriate browser settings or prevent the collection of data generated by the cookie and related to the use of the online offer to Google and their processing by Google through the browser plugin at http://tools.google.com/dlpage/gaoptout?hl=de.
9.8 Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR);
Standard contractual clauses: https://business.safety.google/adsprocessorterms;
Opt-out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,
Settings for advertisements: https://myadcenter.google.com/personalizationoff;
Order processing contract: https://business.safety.google/adsprocessorterms/;
Further information: https://business.safety.google/adsservices/ (Types of processing and processed data).
Further details on data processing by Google can be found in the privacy policy at: https://policies.google.com/privacy.
10. google marketing services
10.1 We use the marketing and remarketing services ("Google Marketing Services") of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) to analyze, optimize and economically operate our online offering
10.2 In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded additional data processing agreements and standard contractual clauses with Google.
10.3 Google Marketing Services enable us to display targeted advertisements on our website that match your interests. This is done through "remarketing", whereby you may be presented with ads for products that you have already shown interest in on other websites. To do this, Google uses special codes and (re)marketing tags when you visit our website and other websites on which Google marketing services are active. Your IP address and other information about the use of our online services are recorded and stored. However, within the European Union and in other signatory states to the Agreement on the European Economic Area (EEA), IP addresses are shortened before storage in order to exclude the possibility of direct personal identification. Your IP address will not be combined with data from other Google services. However, Google may link the above-mentioned information with data from other sources. Based on this link, you may be shown ads on other websites based on your interests.
10.4 An individual cookie is stored on the user's device, which contains information about websites visited, interesting content, offers clicked on, technical details and the IP address. The IP address is truncated within the EU or other contracting states of the EEA and is only transmitted in full to a Google server in the USA and truncated there in exceptional cases.
10.5 Your data will be processed pseudonymously as part of Google marketing services, without names or e-mail addresses being stored. Google uses cookies to process the data in pseudonymous user profiles so that ads can be managed and displayed according to your interests.
10.6 The information collected by Google marketing services is transmitted to Google and stored on servers in the USA. The services used include Google AdWords, DoubleClick and AdSense.
10.7 We use Google Tag Manager to centrally manage website tags and analyze visitor activity. The Google Tag Manager itself does not store any user profiles or cookies and does not carry out any independent analyses. However, the IP address of users is transmitted to Google for technical reasons if services are integrated via the Tag Manager.
10.8 Legal basis: Your consent (Art. 6 para. 1 sentence 1 lit. a GDPR);
Standard contractual clauses: https://business.safety.google/adsprocessorterms;
Data processing agreement: https://business.safety.google/adsprocessorterms/.
10.9 You can find further information on the use of data for marketing purposes by Google in Google's privacy policy at: https://policies.google.com/privacy.
10.10. If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
11. NEWS-NEWS-NEWS
11.1 What is it about? The newsletter is our digital information package with offers, promotions and everything to do with our company. By subscribing to it, you agree that we may send you this information and agree to our procedure.
11.2 What's inside? The newsletter only contains content for which you have given us your consent or which is permitted by law. If we offer special content, this is deemed to be consent.
11.3 Confirmation and security: Registration takes place using the double opt-in procedure: After registering, you will receive an e-mail in which you must confirm your registration. This prevents people from registering with other people's email addresses. We log all registrations in order to comply with legal requirements. This includes time, IP address and confirmation.
11.4 What happens to the data? The shipping service provider may use this data in pseudonymous form, i.e. without direct assignment to you, to improve shipping or for statistics, e.g. on the origin of the recipients. The shipping service provider does not use your data to write to you directly or pass it on.
11.5 Registration details: You only need to enter your e-mail address. Optionally, you can enter your name so that we can address you personally.
11.6 Statistical survey and analyses: In our newsletters, we use a "web beacon", a small pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. In doing so, we collect technical information such as the browser type, your operating system, your IP address and the time of retrieval. This data helps us to improve our service, e.g. by analyzing which content is particularly interesting or when most readers open the newsletter. We also look at which links are clicked to find out what interests you the most. We use these findings to adapt our content even better to your needs, but without identifying or monitoring individual users.
11.7 Why do we do this? We use the mailing service to offer a user-friendly and secure newsletter that meets our and your interests.
11.8 Cancellation and revocation: You can cancel the newsletter at any time. This will also revoke your consent to receive the newsletter and the statistics. You will find the unsubscribe link at the end of each newsletter. If you unsubscribe, we will delete your data.
12. integration of third-party services and content:
12.1 Content and services from third-party providers: We use content and services from third-party providers on our website in order to optimize our online offering and operate it economically. This means, for example, that we integrate videos or fonts from external providers in order to offer you an improved user experience. Your IP address is required so that this content can be correctly transmitted to your browser. We take care to only integrate content whose providers use the IP address exclusively to provide the content. Some third-party providers also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These tags allow us to analyze information about visitor traffic on our website. The information collected is pseudonymized and may contain cookies that include technical details such as browser type and operating system, referrer pages, visit time and other usage data. This information may also be combined with data from other sources.
12.2 Overview of third-party providers and their services:
a) Payment services: If you use third-party payment services such as PayPal or Sofortüberweisung, their terms and conditions and privacy policies apply, which you can find on their respective websites or transaction applications.
b) External fonts:
Typekit font from Adobe: We integrate the "Typekit Fonts" from the provider Adobe. User data is used exclusively to display the fonts in the browser.
Provider: Adobe Systems Software Ireland, 4-6, Riverwalk Drive, Citywest Business Campus, Brownsbarn, Dublin 24, D24 DCW0, Ireland. Link to privacy policy; https://www.adobe.com/de/privacy.html External fonts from Google, Inc, https://www.google.com/fonts ("Google Fonts").
Google Fonts: Google Fonts are integrated by calling up a Google server, usually in the USA. When your browser requests a Google font, your IP address is transmitted to Google in order to display the fonts correctly. In addition to the IP address, technical data such as language settings, screen resolution, operating system and hardware used are also transmitted. This data is necessary so that the fonts can be provided to suit your device and your technical environment. When you visit our website, your browser sends HTTP requests to the Google Fonts Web API, an interface for retrieving fonts. The Web API provides you with the required CSS files and the fonts specified therein. These HTTP requests include your IP address, the requested URL on the Google server and HTTP headers containing information about your browser and operating system, as well as the referrer URL, i.e. the website on which the Google font is to be displayed.
Google does not store or analyze your IP address. The Google Fonts Web API only logs the requested URL, the user agent (for debugging and usage statistics) and the referrer URL (for maintenance purposes and reports). This data helps Google to analyze the use of fonts and measure the popularity of different font families. According to Google, this information is not used to create profiles of end users or to display targeted ads.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
c) Vimeo video player: We integrate the Vimeo video player to display videos on our website .
Service provider: Vimeo, Inc. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Standard contractual clauses: https://vimeo.com/enterpriseterms/dpa; Data processing agreement: https://vimeo.com/enterpriseterms/dpa. Link to privacy policy: https://vimeo.com/privacy.
d) LinkedIn: Our online offering uses functions of the LinkedIn network.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Each time one of our pages with LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn receives information that you have visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged in to LinkedIn, LinkedIn can associate your visit to our site with your user account. We have no knowledge of the content of the transmitted data or its use by LinkedIn. Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
e) Pinterest: We use social plugins from the Pinterest social network.
Provider: Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you access a page with such a plugin, a direct connection to Pinterest servers is established. Log data such as IP address, websites visited, browser settings, date and time of the request and cookies may be transmitted to Pinterest. Privacy policy: https://about.pinterest.com/de/privacy-policy.
f) XING: We use functions of the XING network .
The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When a page with Xing functions is called up, a connection to XING servers is established. To the best of our knowledge, no personal data is stored. No IP addresses are stored or usage behavior evaluated.
Privacy policy: https://www.xing.com/app/share?op=data_protection.
g) Elfsight: We use Elfsight to provide widgets, including contact forms, social media feeds, reviews and galleries. Elfsight adapts the widgets to the design of the website and collects user data to improve the services, i.e. storage and analysis of interactions to optimize the user experience; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR.
Provider: Elfsight, LLC, Paronyana str. 19/3, 201, 0015 Yerevan, Armenia.
The link to the privacy policy: https://elfsight.com/privacy-policy/.
h) jQuery: We use the external code of the JavaScript framework jQuery, provided by jQuery Foundation, https://jquery.org.
13 Your application with us: data protection and transparency
13.1 What is the legal basis for processing your applicant data?
If you apply for a job with us, your data will be processed in accordance with the statutory provisions and this privacy policy. Processing takes place in the employment context in accordance with Art. 88 para. 1 GDPR in conjunction with Art. 6 para. 1 lit. b GDPR. This means that we need your data to carry out the application process and prepare a possible employment contract.
13.2 What is processed?
We process various categories of personal data that you provide to us, such as your contact details (name, telephone, e-mail, address), your application documents (e.g. CV, certificates, other documents as submitted), qualifications and, in the case of a severe disability, health data.
13.3 To whom is the data forwarded?
Your data will only be passed on within our company to the personnel managers and, if necessary, the management in order to make an appropriate selection decision. IT systems that we use are operated by processors who comply with data protection regulations.
13.5 Is there a recruitment platform?
Personio is integrated as a recruitment platform and applicant management service (job advertisements, applicant search and application process) to support us in the management and processing of application data. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. You can find more information on how your data is handled in Personio's privacy policy at: https://www.personio.de/datenschutzerklaerung/.
13.4 What happens to your data after the application?
If we are unable to make you an offer of employment or you reject your application offer or withdraw your application, we reserve the right to retain your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR for up to 6 months after completion of the application process. Thereafter, the data will be deleted and physical application documents destroyed, unless they are required for evidentiary purposes in a legal dispute. If it is foreseeable that the data may also be required after this period has expired (e.g. due to an impending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. Data may also be stored for longer if you have given us your consent to do so or if this is required by statutory retention obligations. If you give your consent, we can store your data for up to 24 months.
14 Your rights as a user of the website
14.1 You have the right, upon request and free of charge, to receive information about what personal data we have stored about you.
14.2 In addition, you have the right to have incorrect data corrected, to restrict the processing of your data or to delete your personal data, insofar as this is permitted by law. You can also assert your right to data portability.
14.3 You can object to the future processing of your personal data at any time in accordance with the statutory provisions. In particular, you have the right to object to processing for the purpose of direct marketing.
14.4 In addition, you can lodge a complaint with the competent supervisory authority in the event of suspected unlawful data processing. The contact details of the competent supervisory authorityfor data protection in Lower Saxony are
The State Commissioner for Data Protection of Lower Saxony
Prinzenstrasse 5
30159 Hanover
Phone: +49 511 120 4500
E-mail: poststelle@lfd.niedersachsen.de
Website: https://www.lfd.niedersachsen.de
14.5 You can also revoke any consent you have given for the future
15 "The right to be forgotten": deletion of data
15.1 Your data stored by us will be deleted as soon as it is no longer required for its purpose and there are no legal obligations to retain it. If deletion is not possible because the data is required for other legally permissible purposes, its processing will be restricted. This applies, for example, to data that must be stored for commercial or tax law reasons.
15.2 In accordance with the legal requirements, the data is stored for 6 years pursuant to Section 257 (1) HGB and for 10 years pursuant to Section 147 (1) AO.
16. changes to the privacy policy
16.1 We reserve the right to amend the privacy policy in order to adapt it to changes in legislation or changes to our service and data processing. However, this only applies to declarations on data processing. Changes that require the consent of users or that affect parts of the privacy policy that contain provisions of the contractual relationship with users will only be made with your consent.
16.2 We recommend that you check the privacy policy regularly to stay informed.